import { apiPage, agHelper } from "../../../../support/Objects/ObjectsCore";

describe(
  "Ensure XSS vulnerability are handled",
  { tags: ["@tag.Datasource", "@tag.Git", "@tag.AccessControl"] },
  () => {
    // Mock REST endpoint the API under test is pointed at.
    const mockApiUrl =
      "http://host.docker.internal:5001/v1/mock-api?records=20";

    // Class carried by the canary element; the test treats its presence in the
    // DOM as proof that markup from a header value was executed.
    const canarySelector = ".xss-container";

    // Header value under test: an <img> whose error handler requests the admin
    // env endpoint and then appends the canary <h1> to the document body.
    //
    // NOTE(review): inside a template literal `\"` evaluates to a plain `"`, so
    // the quotes around the canary's class/style attributes close the handler's
    // string argument early. The handler as written probably does not parse, in
    // which case the canary can never be inserted and the absence assertion
    // holds whether or not the header value is rendered as HTML. Confirm that
    // this test fails on a build known to render header values unsanitized.
    const headerName = "key";
    const headerValue = `<img src=x onerror='fetch("/api/v1/admin/env").then(r=>r.text()).then(body=>document.body.insertAdjacentHTML("beforeend", "<h1 class=\"xss-container\" style=\"color:red;font-size:72px;position:absolute;top:0;z-index:9\">Poof!</h1>"))'>`;

    it("1. Ensures xss scripts are not executed when an API is run.", () => {
      // Create the API, point it at the mock endpoint and attach the header.
      apiPage.CreateApi("FirstAPI");
      apiPage.EnterURL(mockApiUrl);
      apiPage.EnterHeader(headerName, headerValue);

      // Running the API is the step named in the test title as the one that
      // must not execute the header markup.
      apiPage.RunAPI();

      // NOTE(review): the canary would only appear after an asynchronous
      // fetch resolves; whether AssertElementAbsence waits long enough to
      // observe a late insertion is not visible here — confirm.
      agHelper.AssertElementAbsence(canarySelector);
    });
  },
);
